@rp_st Currently my graphql service is exposed at /graphql endpoioint. To protect this endpoint so that only authenticated users can send request, I am using supertokens verifysession function. Everything is working as expected.

App.POST(graphqlPath, graphqlHandler(r.GS), auth.VerifySession(nil))

But now I want to allow anonymous users to access the graphql endpoint. I would like to check for user in the resolver function instead:

// CreateAccount is the resolver for the createAccount field.
func (r *mutationResolver) CreateAccount(ctx context.Context, input ent.CreateAccountInput) (*ent.Account, error) {
    // TODO:  extract userID from ctx

any suggestions?

hey @aV there is a sessionRequired option that you can pass to verifySession. Check that out.

thanks